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Reliability  Analysis  of  Phased  Missions 
J.  D.  Esary  and  H.  Ziehms 

Abstract.   In  a  phased  mission  the  relevant  system  configuration 
(block  diagram  or  fault  tree)  changes  during  consecutive  time  periods 
(phases).  Many  systems  are  required  to  perform  phased  missions.  A 
classic  example  is  a  space  vehicle. 

A  reliability  analysis  for  a  phased  mission  encounters  complexi- 
ties not  present  with  just  one  phase,  but  can  be  transformed  into  an 
analysis  of  a  synthetic  single  phase  case.   The  transformation  has  a 
potential  for  direct  application,  or  can  be  used  to  study  various  com- 
putational algorithms  and  approximations. 

1.   Introduction.   We  consider  a  system   which  consists  of  several 
components.      The  components  perform  independently  of  each  other,  and 
each  of  them  may  be  in  one  of  two  states,  functioning   or  failed.      It  is 
assumed  that  no  component  can  be  repaired  or  replaced.   Thus  each  com- 
ponent functions  continuously  in  time  until  failure  occurs,  after  which 
it  remains  failed.   Esary  and  Marshall  [1964]  say  that  a  device  which 
displays  this  kind  of  behavior  has  a  life. 

The  system  performs  a  mission   which  can  be  divided  into  consecu- 
tive time  periods,  or  phases.      During  each  phase  it  has  to  accomplish  a 
specified  task.   Thus  the  system  configuration    (a  subset  of  the  compo- 
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nents  and  their  functional  organization  which  can  be  represented,  for 
instance,  by  a  block  diagram  or  fault  tree)  changes  from  phase  to  phase. 
As  is  the  case  with  individual  components,  only  two  states  of  the  sys- 
tem are  recognized,  functioning  or  failed. 

A  classic  example  of  a  phased  mission  is  the  voyage  of  a  space  ve- 
hicle, but  many  other  systems  are  required  to  perform  phased  missions. 
To  illustrate  the  ideas  and  methods  of  this  paper  we  will  often  consid- 
er the  following  hypothetical  situation. 

Example  1.1.   A  fire  department  has  three  vehicles; 

-  a  multipurpose  fire  engine   (M) , 

-  a  tanker   (T) , 
i 

-  a  light  fire  truck   (L) . 

The  firef ighting  equipment  of  a  small  chemical  factory  located  nearby 
consists  of; 

-  a  sprinkler  system   (S) , 

-  a  hydrant   (H) , 

-  a  special  apparatus  for  fighting  chemical  fires   (F) . 

The  plant  safety  engineer  wonders  whether  the  combined  hardware  re- 
sources of  the  fire  department  and  the  factory  are  sufficient  to  fight 
a  fire  in  the  factory.   He  consults  the  fire  chief,  and  together  they 
conclude: 

(1)  During  the  initial  stage  of  a  fire  either  the  multipurpose 
engine,  which  carries  a  small  water  supply,  or  the  light  truck,  provid- 
ed the  sprinkler  system  works,  suffices  to  evacuate  the  building. 

(2)  To  contain  the  fire  the  factory's  special  apparatus  is  needed, 
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together  with  some  auxiliary  capability  from  the  multipurpose  engine  or 
the  light  truck.  Water  can  be  supplied  to  the  special  apparatus  and 
the  department's  units  by  the  hydrant,  or  if  it  is  out  of  order,  by  the 
tanker  through  pumps  in  the  multipurpose  engine. 

(3)   After  the  fire  has  been  contained  it  can  be  controlled  either 
by  the  special  apparatus  or  the  multipurpose  engine.  Again,  water  can 
be  supplied  by  the  hydrant  or  by  the  tanker  together  with  the  multipur- 
pose engine. 

The  system  has  six  components  and  has  to  perform  a  three-phased 
mission.  D 

Given  the  survival  characteristics  of  the  components,  the  relevant 
system  configuration  in  each  phase,  and  the  duration  of  the  phases,  the 
problem  is  to  find  the  probability  that  the  system  will  function 
throughout  the  mission,  i.e.  the  mission  reliability   for  the  system. 

The  reliability  analysis  of  a  phased  mission  encounters  some  com- 
plexities which  are  not  present  when  only  one  phase  is  considered.   It 
is  not  exact  to  do  a  standard  analysis  of  each  phase  separately,  and 
then  multiply  the  resulting  phase  reliabilities  together;  even  if  the 
age  of  the  components  at  the  beginning  of  each  phase  is  taken  into 
account.   The  implicit  assumption  involved,  that  each  component  is 
functioning  at  the  beginning  of  each  phase,  is  not  necessarily  true. 
The  following  example  illustrates  this  point. 

Example  1.2.   A  system  with  two  independent  components,   C   and 
C  ,   is  designed  for  a  two-phased  mission.   In  order  for  the  system  to 


perform  the  required  tasks  at  least  one  component  has  to  function 
through  phase  1  and  both  components  have  to  function  through  phase  2 
The  block  diagram  for  this  system  is 


C2 

phase  I 


phase  2 


For  k  =  1,2,   let  it    denote  the  probability  that  component  C 

K  JL  K 

functions  through  phase  1,  and  it    denote  the  conditional  probability 
that  component  C   functions  through  phase  2,  given  that  it  has  func- 
tioned thrqugh  phase  1.   The  system  reliability  for  phase  1  is 
ffi  =  *n  +  ^91  ~  irn1T9i'   anc*  the  system  reliability  for  phase  2,  given 
that  both  components  have  functioned  through  phase  1,  is  tt  =  tt  ~^9-« 
Multiplying  these  together  would  lead  to  the  mission  reliability 

IT  =  TT,  IT   =   (TT,  ,  +  TT^.  -  TT,  ,  TT^.  )  TT,  ^TT^_  . 

12     11    21    11  21   12  22 
This  is  greater  than  the  correct  mission  reliability,  which  is 


r    11  12  21  22 
since  mission  success  is  achieved  if,  and  only  if,  both  components 
function  through  both  phases.  □ 

The  multi-phase  case  is  potentially  different  from  the  single- 
phase  case  in  another  respect.   With  just  one  phase,  if  each  component 
has  a  life  and  the  system  configuration  is  coherent    (representable  by  a 
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block  diagram  or  fault  tree  using  AND  and  OR  gates) ,  then  the  system 
has  a  life  (Esary  and  Marshall  [1964] ) .   In  the  multi-phase  case  this 
is  not  necessarily  true.   Even  if  all  components  have  lives  and  all 
phase  configurations  are  coherent,  the  system  may  not  have  a  life.   How 
this  can  happen  is  shown  in  the  next  example. 

Example  1.2.   A  two-component  system  is  designed  for  a  two-phase 
mission  with  the  phase  configurations  represented  by  the  block  diagram 


-EQ-  -0- 

phase  I  phase  2 


If  tt»   k  »  1,2/   j  =  l,2,   are  defined  as  in  Example  1.2,  then  there 
k3 

is  a  probability   (1  -  n  )ir  it    that  the  system  fails  in  phase  1, 
but  functions  again  in  phase  2.   In  this  sense  the  system  does  not  have 
a  life.  D 

The  possible  resurrection  of  a  system  in  a  later  phase  does  not 
present  a  problem  in  the  reliability  analysis  of  phased  missions. 
Since  failure  of  the  system  in  even  one  phase  prevents  mission  success, 
it  will  always  be  assumed  that  the  life  of  the  system  ends  at  the  time 
of  its  first  failure.   By  contrast,  the  possible  resurrection  of  a  com- 
ponent would  pose  a  much  more  serious  problem,  and  is  ruled  out  by  the 
assumption  that  all  components  have  lives. 

The  reliability  analysis  of  phased  missions  has  received  attention 
in  the  basic  papers  of  Rubin  [1964]  and  Weisberg  and  Schmidt  [1966] . 
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These  authors  introduced  a  method  of  "cut  cancellation"  which  can  be 
advantageously  used  to  simplify  the  sequence  of  phase  configurations 
prior  to  beginning  reliability  calculations.   More  recently,  a  similar 
approach  is  described  in  the  United  States  Navy  reliability  manual 
NAVORD  OF  29304  Revision  A  [1973],  based  on  the  work  of  C.  Persels. 

The  purpose  of  this  paper  is  to  exhibit  a  transformation  which 
reduces  any  multi-phase  mission  to  an  equivalent,  synthetic,  single- 
phase  system.   Existing  algorithms  can  then  be  applied  to  compute  mis- 
sion reliability.   However,  a  concomitant  apparent  increase  in  the 
number  of  components  may  aggravate  capacity  problems.   The  transforma- 
tion can  also  be  used  to  study  refined  computational  algorithms,  and  to 
derive  bounds  on  mission  reliability.   Simple  instances  of  its  applica- 
tion are  included. 

2.   Mathematical  formulation  of 'the  phased  mission  problem.   The 

system  under  consideration  is  assumed  to  have  n  components,  labeled 

C, ,...,C  .   Each  component  C,   has  a  life  and  hence  its  time  to  fail- 
1      n  k 

ure,  or  life  length,    is  a  well  defined,  nonnegative  random  variable  T  . 

The  assumption  that  the  components  perform  independently  of  each  other 

formally  means  that  T  , ...,T   are  independent. 

For  each  component  C   and  all  times   t  ^  0,   let  X  (t)   be  a 

Bernoulli  random  variable  defined  by 

1   if  component  C   functions  at  time  t,   i.e. 
xk(t)  -    if  Tk  >   *' 

0  otherwise. 


The  random  variable  X  (t)   is  called  a  performance  state  indicator 
variable,   and  the  stochastic  process   (x^(t),  t  2:  o)  is  the  perform- 
ance process   of  the  component  C  .   The  sample  paths  of  the  latter  have 
the  properties  that: 


(2.1) 


a)  X  (t)  =  0  «>  xv(s)  =  °»  s  >  t. 

b)  X^tt)  =  1  *>  x^s)  =1,  0  £-s  &  t. 

Thus  a  sample  path  of  a  performance  process  is  non-increasing  and  con- 
tinuous from  the  right,  as  indicated  in  Figure  2.1. 


I 


0- 


X  (t)=l 
k 


x  (t)=o 

k 


t— > 


Figure  2.1.   Performance  process  sample  path,  component  C  . 

For  each  t  £  0,   let  X(t)  =  (X, (t),...,X  (t))   be  the  perform- 

•**        1         n 

ance  state  indicator  vector   of  the  set  of  components.   Then  the  sto- 
chastic process   fx^t) ,  t  £  0}   is  called  the  joint  performance  process 
of  the  components. 

The  use  of  performance  processes  to  represent  component  failure 
times  is  compatible  with  the  use  of  structure  functions  to  represent 
system  configurations  within  phases. 
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The  system  configuration  in  each  of  the  phases  can  be  described 

by  a  block  diagram  or  a  fault  tree  for  conceptual  purposes,  or  by  a 

structure  function  for  mathematical  analysis.  A  structure  function   is 

a  binary  function  <|>  of  binary  variables  x.  ,...,x   which  relates  the 

1      n 

performance  state  of  the  system  to  the  performance  states  of  its  compo- 
nents; with  <{>  (x)  =  (j>(x.  ,...,x  )  =  1  if  the  system  functions,  and 
**»      ±      n 

$(x)  =  0  otherwise,  where  x,  =  1   if  component  C   functions,  and 

x,  =  0  otherwise, 
k 

It  is  assumed  that  each  phase  configuration  of  a  system  is  coher- 
ent,   i.e.  can  be  represented  by  a  block  diagram  or  fault  tree  using  AND 
and  OR  gates.   If  a  configuration  is  coherent,  then  its  structure  func- 
tion <(>  has  the  properties: 

a )      <J>  (x)    ^  <{>  (yj      whenever     x     ^  y    ,      k  =  1 , . . . ,  n . 
(2.2)  b)      <J>(0)    =  <H0,...,0)    =   0. 

c)      «J.(1)    =  <J)(1,...,1)    =  1. 


Hkh 


M 


—    _   F 


H  - 

-  M  - 

-   L  - 

.  T 

M 

phose    I 


phase  2 


F 

H 

M  . 

T 

H 

phase  3 


Figure  2.2.   Block  diagram  for  the  mission 
of  Example  1.1. 


To  illustrate,    a  block  diagram   for  the  mission  described  in  Exam- 
ple  1.1   is  shown  in  Figure   2.2,    and  a   fault  tree   in  Figure   2.3. 


containment 
fails 


control 
fails 


no 
delivery 


no  primary 
delivery 


W 


no  auxiliary 
delivery 


no  water 


Figure  2.3.   Fault  tree  for  the  mission 
of  Example  1.1. 


The  structure  functions  for  the  system  of  Example  1.1  are; 

for  phase  1,   *i  =  xm  V  xlXs' 

for  phase   2,      <j>2  =  XpCx^  v  xL>    v  x^J  , 

for  phase  3,   $3  =  xpxH  V  xM(xT  v  xH) . 

The  symbol  v  is  the  arithmetic  OR  operator,  i.e. 

1  if  x  =  1  or   X.  =  1, 
xx  v  x2  = 

0  if  x.  =  0  and  x  =  0, 

or  for  computational  purposes,   x  v  x  =  x  +  x  -  x  x 

=  1  -  (1  -  X;L)(1  -  x2). 

The  phase  structure  functions  can  be  combined  with  the  component 
performance  processes  to  achieve  a  concise  mathematical  formulation  of 
the  phased  mission  problem. 

The  mission  is  assumed  to  be  divided  into  m  phases,  and  to  start 

at  time  t  =  0.   For  j  =  l,...,m,   the  time  at  which  phase  j   ends, 

and,  except  for  j  =  m,   the  next  phase  begins  is  denoted  by  t..   The 

structure  function  appropriate  for  phase  j  is  denoted  by  <J> . .   The 

event  that  the  system  functions  during  phase  j   can  be  expressed  as 

(<j>.(X(t.))  =  l},   and  the  event  that  the  system  functions  throughout 
3   "*  3 

the  mission  by  {<|>,(X(t, ))  =  1,...,<|>  (X(t  ))  =  l).   The  mission  relia- 

1  •*»  1  m  ~  m 

bility   for  the  system  is  the  probability  that  this  event  occurs.   Since 

4>.(X(t.)),   j  =  l,...,m,   are  Bernoulli  random  variables,  this  proba- 
3   ~  D 

bility  may  be  expressed  compactly  as 

m     ,..,.».    , ,    _  -rr  m 


(2.3)        p  =  piTTjl!  V#V>  =  1]  =  ETTj™1  ♦jcs^j" 
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where  E  denotes  expectation. 

The  fact  reflected  in  (2.3),  that  the  sequential  operation  of 
phase  configurations  resembles  to  some  extent  the  serial  operation  of 
subsystems,  is  important  in  transforming  the  phased  mission  problem. 

3.   Transformation  of  a  multi-phase  mission  into  a  single-phase 
mission.   Complexities  in  the  reliability  analysis  of  phased  missions 
arise  because  a  component's  performance  in  each  phase  depends  on  its 
performance  in  previous  phases.   The  dependence,  however,  is  of  a  spe- 
cial type.   A  component  functions  in  phase  j   if,  and  only  if,  it  has 
previously  functioned  in  phase  1,  and  in  phase  2,...,  and  in  phase  j-1, 
and  then  functions  in  phase  j .   This  sequence  of  requirements  suggests 
that  the  performance  of  a  component  in  phase  j   can  be  represented  by 
a  series-like  structure  whose  elements  represent  its  performance  in 
phases  1, . . . , j  . 

To  be  more  specific,  suppose  that  component  C   is  replaced  by 

it 

phase  j   by  a  system  of  components  C   , ...,C  . ,   performing  independ- 

X.  -L  is.  J 

ently  and  in  series.   In  block  diagram  format,  the  block 
is  replaced  in  phase   j   by 

— E3— E3- — E3- 

In  fault  tree  format,  the  input  event  C    (failure  of  component  C  ) 
is  replaced  in  phase   j   by 
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Let  U  ,  ...,U    be  independent  performance  state  indicator  vari- 
ables for  the  components  C,  ,,..., C,  .,   with 

kl  kj 

P[U        =  1]    =  P[Xv(t   )    =  1] 
(3.1)  K1  *      L 

P[Uki  =   1]    =  PtXk(ti)    =   1lXk(ti-l)    =  1]'      i  =   2>~->3- 
Then     P[JC  (t.)    =  1]    =  ptukluk2--*uk-    =   1J'      and  so 

W  =StuklUk2---Ukj' 

St 

where  =    means  "is  stochastically  equal  to"  or,  less  formally,  "has 
the  same  distribution  as."  Thus  the  original  component  and  the  substi- 
tuted system  have,  as  of  the  end  of  phase  j,   the  same  reliability. 
The  preceding  observations  suggest  that  a  transformation   of  the 
phased  mission  problem  can  be  accomplished  by: 

(a)  Replacing,    in  the  configuration  for  phase     j,  component     C 

by  a   series  system  in  which   the  components     C, ,,..., C,  . 

kl      kj 

perform  independently  with  the  probabilities  of  functioning 
given  in    (3.1) . 

(b)  Considering  the  transformed  phase  configurations  to  be  sub- 
systems which  operate  in  series. 

The  resulting  new  system,  which  has  (at  most)   n*m  independent  compo- 
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nents,  is  the  equivalent  system.  As  will  be  shown  later,  the  ordinary 
reliability  of  the  equivalent  system  is  the  same  as  the  reliability  of 
the  original  system  for  its  phased  mission. 

As  an  illustration,  the  block  diagram  for  the  equivalent  system 
arising  out  of  Example  1.1  is  shown  in  Figure  3.1  (cf.  the  block  dia- 
gram for  the  phased  mission  shown  in  Figure  2.2) . 


s, 

L, 

F 

M, 

I 

transformed 
configuration 


Hl 

F2 

If 

H, 


HB-S 


Ml 

M2. 

h 

4- 

-v 

-M, 

> 

transformed 
configuration  2 


F.  _B 


_F- 


H, 


_H. 


_H 


M 


SE^ 


_T. 


_T, 


H    _ 


H     _H 


transformed 
configuration  3 


Figure  3.1.   Equivalent  system  for  the 
mission  of  Example  1.1. 
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In  the  equivalent  system  the  m  phase  configurations  which  oper- 
ated in  sequence  become  m  subsystems  which  operate  in  series.   How- 
ever, these  subsystems  usually  have  components  in  common  (cf.  Figure 
3.1),  and  do  not  function  independently.   Thus  the  product  of  the  sub- 
system reliabilities  is  in  general  not  equal  to  the  system  reliability, 
as  is  illustrated  by  the  following  extension  of  Example  1.2. 

Example  3.1.   For  the  mission  described  in  Example  1.2,  the  equiv- 
alent system  has  the  block  diagram 


II 


'21 


subsystem 


II 


12 


21 


22 


subsystem  2 


Letting  tt  . ,   k  =  1,2,   j  =  1,2,   be  as  defined  in  Example  1.2,  and 
kj 


=  ir 


kl   "kl'   ^k2 


=  tt  _  it.-,  r   k  =  1,2,   the  subsystem  reliabilities  are 


Pl  =  *11  +  *21  "  *11¥21  =  Pll  +  P21  "  PllP2l' 
i 

K2     11  12  21  22    H12K22 

Their  product  p  =  p  p   is,  except  in  trivial  cases,  less  than  the 

true  system  reliability  p  =  it,  ,tt,  ,»ir„,ir„„  =  p,^p^^  which  can  be  found 
1  *      e  11  12  21  22     12  22 

by  reducing  the  block  diagram  to  its  simplest  form 


II 


12 


21 


22 
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The  true  reliability  for  the  equivalent  system  does  agree  with  the 

reliability  for  the  phased  mission  given  in  Example  1.2.  Q 

The  transformed  version  of  the  phase  j  configuration  functions 

if  the  event  {<J>.(U   U   .  ..U  D  )  =  1}  occurs,  where 

U    =  (U,  .,...,  U  .),   and  U   U    =  (U,  .U.  . , . . .  ,U  .U  J.   The  equiv- 
*•       lx      m        "•*.***       I1  1*      ni  nA 

alent  system  functions  if  the  event  {$■.("   )  ■  1#  <J>2  (U   0   )  =  1#... 
...,  *  (U   'u    ...U   )  =  1}  occurs.   The  reliability  of  the  equiva- 
lent  system  is 

p-piTT"  ♦  .<u(1V2)...o«)>  =  i] 

=  j=l   j  •*•   •*•      *** 

(3.2) 

«*TT"  *.(u(1)u(2)...u(j)). 


It  remains  to  establish  that  the  reliability  of  the  equivalent 

system  agrees  with  the  mission  reliability  for  the  original  system,  i.e, 

that  p  as  given  by  (3.2)  agrees  with  p  as  given  by  (2.3).   This  is 

done  by  the  following  theorem  and  subsequent  remarks. 

Theorem  3.1.  Let     X. ,...,X   be  a   non-increasing  sequence  of 
x      m 

Bernoulli   random  variables,    i.e.      X,  £  X^  ^  . . .  ^  X  .  Let     U,  ,...,U 

12  m  1  m 

be  independent   Bernoulli  random  variables  with 

PlOj  =   1]    =  P[XX  =   1], 

P[U     =   1]    =   P[X.    =   l|x._1   =1],      j    =    2,...,m. 

Then     X.,...,X     =St  U, ,U,U„, . . . ,U,U„. . .U    . 
l  m  ±12  12m 

Proof.      It   is  only  necessary   to   show  for  each  non-increasing 
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binary  sequence  x.  2;x.  2  ...  <ix  ,   x.  =  0  or  1,   j  =  l,...,m,   that 

l         2  m         3 

P[X.    -  x_,...,Xm  =  x J    =  P[U.    =  X-,U.U_   =  x0,...,U.U_...U     =  xj.     , 
11  mm  iiiz2  12mm 

For  the  sequence  x,  =0,  x_=0,  ...,x  =0, 

12  m 

P[X,    =   0,...,X     =  0]    =  P[X,    =  0]    =  P[U,    =  0] 
lml  1 

=  P[U.    =   0,U-U.   =   0,...,U.U_...U     =   0]. 
l  12  12m 

For  the  sequence  x,  =  1,  x_  =  1,  . ..,  x  =  1, 

12  m 

/  P[X,    =   1,...,X      ■   1]    m   P[X      =    1|X      .    =   1]... 

1  m  m  i    m-l 


...P[X2  =   1^   =   HP^  =   1] 


=   P[U      =   1]...P[U.   =   1]P[U.    =   1] 
m  2  1 

=  P[U.    =   1,U.U0   =   1,...,U.U_...U     =   JL], 
l  12  12m 

For  any  other  sequence     x,   =  1,    j   =  1, ...,£,   x.   =  0,    j   =  &+l,...,m, 
P[XX  =  l,'...,Xft  =  l^X^  =  o,...,xm  =  0] 

=  p[xm  =  o,...,x£+1  =  olx^  =  1 x1  =  1] 

xp[X£  =   1,...^   =   1] 
=  ptx£+1  =  olx^  =  1]P[X£  =  1,...^  =  1] 
=  p%+1   =   OJPIU^  =   1,...,^  =   1] 

=    P[UX    =    1, ...#U£    =     lrU^+1    =    0] 

-  pti^  =  i»uxu2  =  i;#^.,u1u2.V.oi  =  i,... 

...^...u^u^  =  o,...,^^...^  =  o].  D 
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From  (2.1)  the  sequence  of  variables  X,  (t. ),...,  X,  (t  ),  which  in- 

k  i       Km 

dicate  the  performance  of  component  C.   at  the  end  of  each  phase,  is 
non- increasing.   Thus  for  U   , . . . #U    constructed  according  to  (3.1), 

W'VV VV  T*  Ukl'UklUk2 UklUk2---Ukm- 

Then,  since  component  failure  times,  and  consequently  component  per- 
formance processes,  are  independent, 

x(v,x(t,) x(t  )  =st  u(1',u(1V2) u(1V2)...utm). 

Since  the  event  "success  in  the  phased  mission"  occurs  if 
$.(X(t.))  =1,   j  =  l,...,m,   and  the  event  "functioning  of  the  equiv- 
alent  system"  occurs  if  «J> .  (U   U   . .  .U  3    )  =1,   j  =  l,...,m,   then 
these  two  events  are  stochastically  equivalent.   Thus  p  as  given  by 
(2.3)  agrees  with  p  as  given  by  (3.2). 

4.   Sample  applications  of  the  transformation.   The  transformation 
described  in  Section  3  provides,  in  principle,  a  way  to  adapt  existing 
programs  for  computing  the  reliability  of  single-phase  systems  to  the 
computation  of  mission  reliabilities  for  phased  missions.   The  neces- 
sary inputs  are  the  phase  configurations  and,  phase  by  phase,  the  con- 
ditional probabilities  that  the  components  survive  the  phase,  given 
that  they  have  survived  the  previous  phases,  i.e.  the  component  condi- 
tional  phase  reliabilities 

*1cl  =  PtW  -  «f     '  • 
(4.1)        K1      *  l 

Vj  =  Plxk(t)  =  1lxk{t_1)  =  1J  '   J  "  2,...,m, 
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k  =  l,...,n.   From  (3.1)  the  conditional  phase  reliabilities  are  the 
reliabilities  of  the  components  in  the  equivalent  system.   The  program 
could  be  adapted  to  accomplish  steps  (a)  and  (b)  of  the  transformation 
internally,  and  then  to  find  the  reliability  of  the  equivalent  system. 

Direct  implementation  of  the  transformation  could  be  frustrated  by 
a  large  number  of  components  in  the  equivalent  system,  and  in  any  case 
may  not  be  the  most  efficient  approach.   However,  the  transformation 
may  also  be  used  to  study  refined  computational  algorithms,  and  bounds 
on  mission  reliability. 

For  instance,  it  is  possible  to  study  the  tempting  procedure  of 
estimating  mission  reliability  by  computing  the  reliability  of  each 
phase  configuration  separately,  and  then  multiplying  the  results  to- 
gether.  There  are  at  least  two  choices  of  component  reliabilities  to 
use  in  doing  this;  the  conditional  phase  reliabilities  given  in  (4.1), 
or  the  component  (unconditional)  reliabilities   through  each  phase 

(4.2)  pkj  =  P[Xk(tJ  =  1]  =  fX^  *k.,   j  =  l,...,m, 

k  =  l,...,n.   The  first  choice  leads  to  estimating  mission  reliability 
by 

(4.3)  tt  =  ]T  *  h.(ir_ ,ir  .), 

1  '  3=1  D   ID      nj 

and  the  second  choice  to  estimating  mission  reliability  by 


(4-4)  p-TT^h.^. p, 


where  in  both  cases  h.,   j  =  l,...,m,   are  the  reliability  functions 
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for  the  phase  configurations.      The  reliability  function  of  a  system 
with  structure  function     <fi     is  defined  by 

h(p.,...,p   )    =  P[<t>(X_,...,X   )    =  1]    =  E4>(X.,...,X   ), 
in  in  in 

where  X,  ,...,X   are  independent  Bernoulli  random  variables  with 
In 

PIX^  =  1]  =  pk,  k  =  l,...,n. 

The  following  remark  shows  that  (4.3)  gives  an  optimistic  result 
(cf.  Example  1.2)  and  that  (4.4)  gives  a  conservative  result  (cf.  Exam- 
ple 3.1). 

Remark  4.1.  For     tt  as  given  by    (4.3),   p  as  given  by    (4.4),  and 
p  as  given  by    (2.3)  or    (3.2),   p^p^ir. 

Proof.   The  coherent  phase  configurations  have  non-decreasing 
structure  functions  from  (2.2),  and  U    ,...,U     are  independent  by 
construction.   Thus 

EirA*J(a,1V2)--£(j,)^Trj:1*J(s(j)' 

so  that  p  £  tt   from  (3.2)  and  (4.3). 

The  proof  that  p  £  p  uses  standard  properties  of  associated 
random  variables  (Barlow  and  Proschan  [1975],  Chapter  2,  or  Esary, 
Proschan,  and  Walkup  [1967]).   Since  U  •,   k  =  l,...,n,   j  =  l,...,m, 
are  independent,  and  thus  associated,  and  <f> . ,   j  =  l,...,m,   are  non- 
decreasing,  then   <t> .  (U   U    ...U   ),   j  =  l,...,m,   are  associated. 
Therefore  the  inequality 
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TT"  E4,.(U(1)U(2'...U<j))  *EUm,    ♦.(U(1)U<2,...U(j,) 

holds,  so  that   p  £  p  from  (4.4)  and  (3.2).  D 

The  transformation  can  provide  a  simple  rationale  for  the  cut  can- 
cellation technique  of  Rubin,  Weisberg,  and  Schmidt.   Conversely,  cut 
cancellation  can  result  in  an  advantageous  simplification  of  the  earli- 
er configurations  of  a  phased  mission,  prior  to  any  implementation  of 
the  transformation. 

For  instance,  the  sequence  of  phase  configurations  in  Example  1.2 
turned  out  ot  have  the  mission  reliability  p  =  pp.   The  sequence 
of  phase  configurations 


phase  I  phase  2 

has  the  same  mission  reliability.   In  Example  1.2  the  only  minimal  cut 
set  in  phase  1,   {C.,C  },   contains  the  phase  2  minimal  cut  sets,   {c  } 
and  {C  }.   Thus  {c  ,C  }  can  be  "cancelled"  in  its  phase,  leaving  a 
configuration  which  can  never  fail. 

The  minimal  cut  sets   of  a  (coherent)  phase  configuration  are  the 
minimal  (in  the  sense  of  set  inclusion)  combinations  of  components 
which  by  all  failing  cause  the  configuration  to  fail.   The  configura- 
tion can  be  viewed  as  a  series  combination  of  subconfigurations,  each 
of  which  consists  of  the  components  in  a  minimal  cut  set  acting  in  par- 
allel (Barlow  and  Proschan  [1975] ,  Chapter  1,  or  Birnbaum,  Esary,  and 
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Saunders  [1961] )  . 

The  rule  for  cut  cancellation   is: 

A  minimal   cut  set  in  a  phase  can  be  cancelled ,    i.e. 
omitted  from   the  list  of  minimal   cut  sets  for  that 
phase,   if  it  contains  a  minimal   cut  set  of  a  later  phase. 
A  slightly  more  typical  illustration  of  how  cut  cancellation 
works  is  given  in  the  following  example. 

Example  4.1.   A  mission  has  the  phase  configurations 


HD 


—  —ft 


phase  I 


phase  2 


The  minimal  cut  sets  are:     in  phase  1    {c. }   {C  ,C  } 

in  phase  2    {c  }    {C  ,C3> 
The  phase  1  cut   {C  ,C  }   contains  the  phase  2  cut   {C  },   and  so  can 
be  cancelled  in  phase  1.   No  cancellation  results  from  the  fact  that 
the  phase  2  cut   {C.,C_}   contains  the  phase  1  cut   {C  }. 

After  cancellation  the  sequence  of  phase  configurations  reduces  to 


E\~       r- 


phase  I 


phase  2 
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It  is  easy  to  verify  that  both  sequences  lead  to  the  same  mission 
reliability  by  comparing  their  equivalent  systems.  Q 

The  use  of  cut  cancellation  is  justified  by  the  following  remark. 

Remark  4.2.  Cut  cancellation  does  not  affect  mission  reliability. 

Proof.   A  formal  proof  of  the  remark  could  be  given  without  invok- 
ing the  transformation,  but  its  use  provides  a  way  to  visualize  why  the 
remark  is  true,  and  further,  why  cut  cancellation  is  not  a  symmetric 
procedure. 

Simply  note  that  a  minimal  cut  set  of  the  phase  j  configuration, 
consisting  of  the  components,  say  C  , ...,C  ,   corresponds  to  a  paral- 

X  At 

lei  and  series  array 


C.l 

C,? 

C?t 

°22 

•— [5H5 


•  j 


i\ 


a 


in  the  equivalent  system.   This  array  acts  in  a  series  with  the  similar 
arrays  corresponding  to  the  other  minimal  cut  sets,  whatever  their 
phase  of  origin.   Then  it  is  apparent  that  a  minimal  cut  set,  which 
contains  a  minimal  cut  set  from  a  later  phase,  can  be  cancelled  with  no 
effect.  D 

As  a  final  illustration  of  the  cut  cancellation  technique  we  can 
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consider  its  effect  on  the  mission  described  in  Example  1.1.   The 
minimal  cut  sets  for  this  mission  are,  before  cancellation: 

in  phase  1      {M,L}    {M,S> 

in  phase  2      {F}   {H,M>   {H,T>   {M,L> 

in  phase  3      {F,M}   {H,M}   {H,T} 
The  minimal  cut  sets  after  cancellation  are: 

in  phase  1      {M,S} 

in  phase   2  {F}        {m,L} 

in  phase   3  {F,M>        {H,M>        {H,T> 

A  block  diagram  for  the  simplified  sequence  of  phase  configurations  is 
shown  in  Figure  4.1. 


r-    S    -, 


M  -J 


phase 


-E- 


_   L 


M  -1 


u  M  - 


phase  2 


H 


phase  3 


Figure  4.1.   Phase  configurations  for  the  mission 
of  Example  1.1  after  cut  cancellation. 

After  cancellation,  the  transformation  could  be  applied  to  obtain 
an  equivalent  system  simpler  than  the  one  shown  in  Figure  3.1.  Relia- 
bility computations  would  be  simplified  accordingly. 
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